Skip to main content

Trickbot Malware Has A New Trick Up Its Sleeves

By July 17, 2020May 5th, 2022Cybersecurity

Malware Lab’s researcher Maciej Kotowicz has made an intriguing discovery that makes the Trickbot banking trojan even more of a threat. The most recent strain of the malware he looked at is sporting a new feature that allows the code to check the resolution of the screen on the machine it’s running on.

If it finds the resolution to be either 800 x 600, or 1024 x 768, which are commonly used on virtual machines to examine such code, the process will terminate.

This is both good news and bad. On the one hand, since most virtual machines run those resolutions, it makes detecting Trickbot a much more difficult proposition. Given that, it’s a safe bet that other forms of malware will soon be utilizing the technique to help them evade detection.

It does mean that if your monitor is configured to use either of those resolutions, you’re essentially immune to the malware, because it will assume you are a virtual machine and leave you alone. Unfortunately, those are relatively poor resolution choices and almost every modern PC is capable at running much higher (and more useful) resolutions, making it very much of a two-edged sword.

This is definitely something you want to make sure your IT staff is aware of so they can adjust their detection strategies when searching for, or investigating malware strains.

While it’s unlikely that any company would opt for an approach that sees them set screen resolutions Enterprise-wide at one of those two resolutions, in certain specific instances, it may be a viable mitigation strategy. Even if not though, this most recent discovery provides a valuable glimpse into the mindset and lines of thinking employed by hackers around the world. Stay vigilant. It’s dangerous out there.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.